[pfSense] upgrade Openssl Package 0.9.8y in to 0.9.8zd) in pfsense 2.1
Hello Everyone I am going to upgrade Openssl Package* ( 0.9.8y in to 0.9.8zd) *in pfsense 2.1 release Step 1 I have downloaded Openssl-0.9.8zd.tar.gz Step 2 Extract Openssl-0.9.8zd.tar.gz Step 3 cd openssl-0.9.8zd Step4 ./config --prefix=/usr/ (Below mention error I am getting ) *cc: not foundYou need Perl 5.* Regards Amit saxema ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Recomend
Hello Walter, to what project from which Jim are you refering to, do you have a link? best - Original Message - From: Walter Parker walt...@gmail.com To: pfSense Support and Discussion Mailing List list@lists.pfsense.org Sent: Tuesday, December 16, 2014 6:49:52 PM Subject: Re: [pfSense] Recomend What I mean is that there is project under development that has an SSD style device with a lifespan of 100 years for writes to the drive. The lifespan of the SSD in your new firewall will last 5-10 years (assuming lots of writes). Therefore, the new super long life SSD should hit the market long before your new SSD will have any end of life issues. I didn't mean to imply that the SSD had any specific issues other than the base issue that all SSD drives have (the electron tunneling that allows an SSD to work results in limited life span as compared to DRAM or spinning rust drive writes). If/when I upgrade my firewall, the APU is what I want. Walter On Tue, Dec 16, 2014 at 6:41 AM, Brian Caouette bri...@dlois.com wrote: Just tracked my order and its suppose to arrive today. Can't wait! I went with the SSD they offer. What drive project are you referring too? I don't understand your comment about get it now before it has any issues. Brian On 11/30/2014 3:07 PM, Walter Parker wrote: If you are getting the Netgate kit, I'd suggest just getting the Intel m525 SSD that they offer. This is a modern SSD with wear leveling that keeps software like a squid cache from burning out the drive early. It will fit and work without having to build a custom cable and have to tape a drive to the case. IIRC, your setup is for a home network, so the amount of data that is likely to flow will be quite a bit below the SSD's limits. Also, I think the guys at Netgate picked that specific SSD from Intel because tested different SSD drives and found that the Intel drive worked well and has a good reputation for quality and longevity. Why are you moving to the kit? If it because you want a small, low energy box that you can put in a corner and then forget about the hardware because it just works, then get the SSD and buy a backup device (SD card or SSD). Then in 5-10 years, if the SSD fails, you will have a replacement device on hand to replace the SSD that went out. I suggest you get the SSD now. Before the SSD has any issues, Jim's new drive project will be complete and that one should last for life of the router. Walter On Sun, Nov 30, 2014 at 11:16 AM, Volker Kuhlmann hid...@paradise.net.nz wrote: On Fri 28 Nov 2014 13:56:32 NZDT +1300, Ryan Coleman wrote: Have you considered a small 2.5 SATA HD for the machine? If you're talking APU, of course. You can run it off 5V from the board (I THINK?) I know there are SATA headers there. There is one SATA header on the board, and you get 5V power from a 2-pin header close-by. Butcher a SATA power cable and solder something up yourself, or better buy the specially-made short SATA/power cable from PC Engines. A tip from PC Engines was to tape the disk under the lid, so all fits into the box. Might pay to check disk temperature afterwards. I noticed the latest revision of the APU board has a 2x3 test header missing to make more space for a 2.5 disk. I am about to try an SSD for pfsense and a 2.5 for the squid cache. Currently it all runs fine off a 2.5. I can't comment on the other hardware mentioned by the OP because of lack of experience. Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ List mailing list List@lists.pfsense.org
Re: [pfSense] upgrade Openssl Package 0.9.8y in to 0.9.8zd) in pfsense 2.1
pfsense is not distributed with a developer environment. On Thu, Mar 26, 2015 at 5:53 AM, amit saxena amit.linux@gmail.com wrote: Hello Everyone I am going to upgrade Openssl Package* ( 0.9.8y in to 0.9.8zd) *in pfsense 2.1 release Step 1 I have downloaded Openssl-0.9.8zd.tar.gz Step 2 Extract Openssl-0.9.8zd.tar.gz Step 3 cd openssl-0.9.8zd Step4 ./config --prefix=/usr/ (Below mention error I am getting ) *cc: not foundYou need Perl 5.* Regards Amit saxema ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] blocking torrents and web based https proxies
Torrent traffic: maybe with a good L7 filter (not tried this myself). But HTTPS proxies and SSL VPN's forget about it. It's a game of whack-a-mole. As soon as you squash one, three more will pop-up. You can't block SSL. You'd need to get a real web filtering solution and by that I mean a service that constantly updates with new content and category definitions. Barracuda, Iron Port, Websense, to name a few companies. It's still a game of whack-a-mole but you're paying them to do it. It still won't get them all but it will get you hopefully into the 99% range. There would likely still be outliers, SSH tunnels and people clever enough to setup tunnels on non-standard ports and protocols that wouldn't be monitored. I'd be happy to be wrong and welcome a correction from someone who knows more about it on this list (there are plenty of them). On Tue, Mar 24, 2015 at 5:12 AM, Rizwan Saeed rizwan.sa...@nu.edu.pk wrote: Hi Guys, I am managing a 1000+ university network. pfsense is working fine. The only problem I have is that the students bypass all the security with web vpn’s and free https proxies. So I would like to know that if there is an effective way to block https web proxies, web based VPN and encrypted torrent traffic? Regards, Riz ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.2.1 Site-to-Site IPsec VPN Connection Instability
On Mon, Mar 23, 2015 at 9:34 AM, Christopher CUSE cc...@ccuse.com wrote: On 03/23/2015 03:03 PM, mayak wrote: On 03/22/2015 12:38 AM, Bryan D. wrote: We've had a pfSense-to-pfSense always on IPsec VPN connecting 2 offices since 2008 (pfSense 1.2 IIRC) and it's: - been ultra reliable (if VPN is down, suspect ISP issue or pfSense box failure) - it's been quick to connect (about 1 second, almost unnoticeable) - it's worked across numerous upgrades without issue (nice!) Beginning with pfSense v2, we added multiple P2s at each end (still same reliability, etc.). One of the offices has had its hardware updated and its pfSense updated to 2.2 then 2.2.1 (after testing to see whether we seemed to be affected by the multiple P2 issue noted in the upgrade page -- we're OK on that one). This connection has continued to work with the same characteristics as before. The 2.2.1 system is 64-bit and the other end is v2.1.5 32-bit We recently added a second site-to-site IPsec VPN, essentially the same as the existing one except both sides are pfSense v2.2.1 (but other end is 32-bit) and stronger algorithms are being used and P1 is set to v2 (supposedly avoiding any multiple P2 issues). snip i have to say that i am also experiencing this. i'm in the process of installing smokeping to prove connectivity is good between the public ip endpoints between various vpns. will report back with those results. thanks m just got dropped again -- fourth time in last few hours -- something is definitely wrong. upgraded all my pfsenses to 2.2.1 over the weekend. Go to SystemAdvanced, System Tunables, and add a new tunable there. Name net.key.preferred_oldsa, value 0, then save and apply changes. That have any impact on things? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] sshd is ttill hunging - sshd key regeneration - pfsense nanobsd 32bit v2.1.5 to v2.2 / now 2.1
Hello all it is a known issue that some pfsenses generated with the update to v2.2 new ssk keys so sshd is not accessable / service down. it is not possible to start the service deleting and regenerating keys doesn't help also updte v2.2 to 2.2.1 doenstr resolved issue has anyone a short howto to fix this issue ? a balnk new v2.2 nanobsd works fine also with ssh, but the upgraded ones - there sshd still hungs thanks for your feedback, best regards stephan ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold